3 Replies Latest reply on Jun 10, 2011 7:29 PM by wcoetsee

    SSL Inspection Requirements

      Hi All,

       

      Need to discuss and clarify SSL Inspection requirements. Currently deploying two 4500 MWG running v7.1 in Proxy HA configuration. One of the requirements is to perform SSL Inspection. The way I understand it, the client will request an HTTPS session, MWG initiates the HTTPS request to the destination on behalf of the client and in turn opens an HTTPS request to the client using its own certificate.

       

      Now, seeing that the MEG uses its own CA cert, it displays as untrusted on client machines/browsers. One way to solve this would be to distribute this MEG CA cert as trusted to client computers using GPO. However, the client does not want to go down this path. What other options do we have, as the customer does have their own internal MS CA?

       

      1. Should I add the customer's internal CA as CRL under settings\Engines\CertificateChain? And what would be the benefit? Only the fact that it would then trust other internal certs?

       

      2. How do I solve our problem? Can we import a cert from the internal CA? This is probably the answer, but how does one generate a CSR from MWG, which the internal CA needs in order to create the cert?

       

      Any help would be much appreciated.

       

      Thanks,

      Werner